leftArrow

All Blogs

Trends & Statistics

Cyberattack Statistics 2025: What the Numbers Reveal About Today's Threats

Published Date: Jun 20, 2025
Checkout the Top Cyberattack Statistics

Quick Overview: This blog uncovers the alarming rise in cyberattacks in 2025, with sharp spikes in ransomware, phishing, and AI-powered breaches. Backed by the latest industry data, it explores attack vectors, targeted industries, financial damages, and evolving hacker tactics—offering insights to help organizations stay prepared in a rapidly changing threat landscape.

Cyberattacks are growing faster, more frequent, and increasingly sophisticated. They have become the biggest threats facing modern businesses, especially startups navigating digital growth. As AI capabilities accelerate, digital footprints expand, and global instability rises, the risk of cybercrime has never been more intense.

While organizations race to fortify their defenses, attackers are exploiting the weakest links—employees vulnerable to social engineering and outdated security systems. Once inside, threat actors waste no time, quickly moving laterally across networks to carry out their objectives. In 2024, CrowdStrike reported that 79% of observed detections were malware-free, highlighting a major shift in tactics. Instead of relying on traditional malware, adversaries are using hands-on-keyboard techniques that mimic legitimate user behavior, making them far harder to detect and stop.

Global Threat Report for 2025

So how can you prepare your businesses to defend against evolving cyber risks in 2025 and beyond?

In this guide, we break down the latest cyberattack statistics, trends, and insights that matter most to growing businesses. From rising attack patterns to actionable security measures, you’ll gain a clear picture of where the threats are—and how to stay ahead of them.

Win the Rat Race of Security with Modern AI-powered Tool – ZeroThreat – Eliminate Vulnerabilities Before They Become a Serious Threat! Check the Full Pricing List

On This Page
  1. How Many Cyberattacks Happen Per Day?
  2. How Many Businesses Get Hacked Each Year?
  3. Cost of Cybercrimes
  4. Top Cyberattack Statistics: Key Takeaway
  5. Top Cyberattack Vectors in 2025
  6. Industry-Specific Cybersecurity Trends in 2025
  7. Geographical Distribution of Cyberattacks in 2025
  8. Malware Trends in 2025
  9. Ransomware Statistics
  10. Sector-Wise Breakdowns
  11. Conclusion: Adapt or Be Compromised

How Many Cyberattacks Happen Per Day?

Cyberattacks are occurring at an alarming rate around the globe. While exact numbers vary by source and definition, estimates show that:

  • Over 2,200 cyberattacks happen every day, according to the University of Maryland—this breaks down to nearly 1 attack every 39 seconds on average.
  • Globally, businesses face over 30,000 website hacks daily, many targeting small to mid-sized organizations.
  • In 2024, phishing attempts and email-based attacks alone reached hundreds of millions per month, with AI-generated threats increasing frequency and success rates.
  • The exact numbers vary massively depending on how you choose to define an attack. By Microsoft estimates, there are 600 million cyberattacks per day.

600 million Cyberattacks per Day

  • According to the Identity Theft Resource Center (ITRC) Annual Data Breach Report, there were 3,205 recorded cyberattacks resulting in data compromises in 2024—a sharp rise from 2,365 in 2023, 1,584 in 2022, and just 754 in 2018.
  • This averages out to roughly 8.7 data breaches per day. But the number of affected individuals is significantly higher. In 2024 alone, over 1.7 billion individuals were impacted, translating to approximately 4.6 million victims per day, or nearly 54 every second.

How Many Businesses Get Hacked Each Year?

Each year, thousands of businesses fall victim to cyberattacks—ranging from phishing scams and ransomware to full-scale data breaches. While exact numbers vary by region and industry, here are key insights:

  • In 2024, the Identity Theft Resource Center (ITRC) reported 3,205 confirmed data compromises affecting U.S. organizations alone—a record high.
  • Globally, it's estimated that over 60% of small to medium-sized businesses (SMBs) experience at least one cyberattack annually.
  • A study by Accenture revealed that 43% of cyberattacks are aimed at small businesses, yet only 14% are prepared to defend against them.
  • According to a 2024 Sophos study, 59% of businesses were hit by ransomware in the last 12 months. That’s a drop from a high of 66% in each of the previous two years.
  • In the UK, 50% of businesses and 32% of charities reported experiencing a cyberattack within the last 12 months.
  • IBM’s 2024 Cost of a Data Breach Report found that 83% of organizations experienced more than one data breach over a 12-month period.

Cost of Cybercrimes

The cost of cybercrime continues to climb at an alarming rate—and it shows no signs of slowing down. Below are some key statistics that illustrate just how widespread and costly these threats have become.

Financial loss remains the biggest risk associated with cybersecurity threats—making cybercrime one of the most expensive challenges facing modern businesses.

  • Estimated Global Cost of Cybercrime in 2025: $13.86 trillion annually (up from $8.44 trillion in 2022).
  • Year-over-Year Growth Rate: 12.7% increase from 2024 to 2025.
  • In 2023 alone, global cybercrime costs reached an estimated $8 trillion, underscoring the scale and urgency of the issue. These costs are projected to skyrocket to nearly $24 trillion by 2027, driven by more sophisticated attacks and expanding digital footprints.

Cybercrime Cost Statistics

  • As per Statista, cybercrime is projected to cost the world $13.82 trillion annually by 2028, reflecting the growing scale and sophistication of global threats.

Cybercrime Statistics

Top Cyberattack Statistics: Key Takeaway

Small businesses continue to face growing threats in the cybersecurity landscape, often without the resources or readiness to defend against them.Below are the most critical statistics that highlight the scale, cost, and nature of cyberattacks impacting small businesses today:

  • According to Accenture, 43% of cyberattacks target small and medium-sized businesses (SMBs)—making them a primary focus for cybercriminals.
  • Only 14% of SMBs are adequately prepared to defend against such attacks, leaving the majority exposed.
  • The cost of a cybersecurity incident for SMBs ranges from $826 to $653,587, depending on the severity and scale of the breach.
  • Human error accounts for 95% of cybersecurity breaches, according to the World Economic Forum, underscoring the need for awareness and training.
  • Cybercrime costs are expected to increase by 15% over the next five years, reaching $10.5 trillion annually by 2025.
  • Nearly 54 people fall victim to a cyberattack every second, highlighting the constant and pervasive nature of modern threats.
  • Almost 6 in 10 businesses have suffered a ransomware attack in the past year, making it one of the most common cyber threats globally.
  • North America has experienced an 8% increase in ransomware attacks this year, reflecting a significant regional rise in targeted incidents.
  • The average cost of a successful attack on an Internet of Things (IoT) device exceeds $330,000, underlining the financial risks tied to connected technologies.
  • More than $6.3 billion was lost to business email compromise (BEC) scams over the past year, making BEC one of the most financially damaging cybercrimes.
  • The largest recorded data breach compromised over 3 billion user accounts, demonstrating the massive scale of potential data exposure in a single incident.
  • 50% of UK businesses experienced a cyberattack in 2023, indicating a sharp rise in organizational vulnerability.
  • Nearly 1 billion emails were exposed in a single year, impacting approximately 1 in 5 internet users worldwide.
  • In 2024, data breaches cost businesses an average of $4.88 million, reflecting the high financial stakes of inadequate security.
  • Approximately 236.1 million ransomware attacks occurred globally in just the first half of 2022.
  • 1 in 2 American internet users had at least one of their accounts breached in 2021.
  • 39% of UK businesses reported suffering a cyberattack in 2022, continuing a concerning trend year-over-year.
  • Around 1 in 10 U.S. organizations have no cyber insurance coverage, leaving them financially exposed to attacks.
  • Over 53.35 million U.S. citizens were victims of cybercrime in the first half of 2022 alone.
  • Cybercrime cost UK businesses an average of ÂŁ4,200 in 2022, highlighting the financial burden on SMEs and enterprises alike.
  • Malware attacks increased by 358% in 2020 compared to 2019, showing the accelerating pace of threat evolution.
  • Phishing remains the most common cyber threat faced by both individuals and businesses globally.

Top Cyberattack Vectors in 2025

Ransomware Remains Dominant

  • Percentage of Organizations Targeted by Ransomware in 2025: 43%
  • Average Ransom Paid in 2025: $2.3 million (down from $2.8 million in 2024 due to improved incident response and negotiation tactics)
  • Ransomware-as-a-Service (RaaS) Usage: 61% of ransomware attacks involved RaaS platforms
  • Double Extortion Tactics: Used in 87% of ransomware cases – attackers exfiltrate data before encryption

Phishing and Social Engineering

  • Phishing Incidents Increased by 29% compared to 2024.
  • Spear Phishing Success Rate: 1 in every 12 emails successfully compromises user credentials.
  • AI-Powered Phishing Tools: Over 65% of phishing campaigns now use AI-generated content to mimic trusted sources.
  • Business Email Compromise (BEC): Accounts for 21% of all phishing-related losses.

Supply Chain Attacks

  • Supply Chain Attacks Increased by 44% YoY.
  • Notable Targets in 2025: Software vendors, cloud service providers, and logistics companies.
  • SolarWinds-like Breaches: At least 3 major incidents reported involving zero-day exploits embedded in software updates.
  • Third-party Vendor Risk: 68% of organizations experienced at least one breach through a third-party vendor.

IoT and OT Vulnerabilities Exploited

  • Number of IoT Devices Worldwide in 2025: 34.8 billion.
  • IoT-based Cyberattacks Increased by 52% YoY.
  • Critical Infrastructure Targeted via OT Systems: 17% of all industrial control system (ICS) breaches led to operational downtime.
  • Most Common IoT Vulnerability Type: Weak or hardcoded credentials (accounting for 43% of IoT exploits).

Zero-Day Exploits on the Rise

  • Zero-Day Exploits Identified in 2025: 98 recorded instances.
  • Top Platforms Targeted: Microsoft Windows (34%), Android (21%), and Apple iOS (18%).
  • Exploit Kits Leveraging Zero-Days: Average time from discovery to public exploit dropped to just 2.4 days.

Industry-Specific Cybersecurity Trends in 2025

Healthcare Sector Under Siege

  • Healthcare Data Breaches Reported in 2025: 1,230 incidents.
  • Percentage of Breaches Involving Ransomware: 56%.
  • Cost per Healthcare Data Breach: $10.1 million (highest among all industries).
  • Medical Device Hacking Attempts: Up by 38%, with pacemakers and insulin pumps being targeted in proof-of-concept attacks.

Financial Services Remain High-Value Targets

  • Financial Institutions Targeted by Cyberattacks in 2025: 72% of all banks globally.
  • Average Loss per Financial Institution: $4.7 million.
  • SWIFT Payment System Fraud Attempts: Increased by 24%, with attackers leveraging insider threats and compromised APIs.
  • Cryptocurrency Exchange Hacks: 11 major exchanges breached, resulting in over $2.1 billion in stolen assets.

Education Sector Faces Surge in Cyber Threats

  • Educational Institutions Affected by Ransomware in 2025: 41% increase from 2024.
  • K-12 Schools Targeted: 59% of U.S. school districts reported cyber incidents.
  • Data Leaked from Universities: Over 8.2 million student records exposed through unsecured databases.

Government Agencies and Critical Infrastructure

  • Nation-State Cyberattacks Reported in 2025: 143 incidents globally.
  • Critical Infrastructure Targeted: Energy grids (32%), water treatment facilities (19%), and transportation networks (17%).
  • Notable Campaigns: "APT41" and "Lazarus Group" activities linked to multiple nation-state operations.

Geographical Distribution of Cyberattacks in 2025

Most Frequently Attacked Countries

RankCountry% of Cyberattacks
1United States39%
2China14%
3India9%
4Germany6%
5United Kingdom5%

(Source: Kaspersky Threat Intelligence Report, 2025)

Top Countries Hosting Cybercriminal Activity

RankCountryPrimary Activity
1RussiaRansomware, DDoS, BEC
2ChinaEspionage, IP theft
3NigeriaBEC, romance scams, phishing
4IranNation-state attacks, OT disruption
5BrazilBanking Trojans, malware distribution
  • The United States accounts for 59% of all ransomware attacks, making it the most targeted country globally for this threat type.
  • In Canada, 72% of small to medium-sized businesses faced a cyberattack in 2024, indicating a sharp increase in regional threats.
  • 65% of businesses in Mexico reported a rise in data breaches over the past year, highlighting the growing cybersecurity challenges in Latin America.
  • Russia holds the highest cybercrime threat level worldwide, driven by the volume and sophistication of cyber operations.
  • Poland reported the highest number of cyberattacks globally in 2024, surpassing larger nations in terms of attack frequency.
  • Nordic countries are recognized for having the strongest cybersecurity infrastructure, often serving as a model for proactive digital defense strategies.

Scan in Minutes and Discover Security Loopholes 5X Faster Than Traditional AppSec Tools Try Now

Malware Trends in 2025

Types of Malware by Prevalence

Malware Type% Share in 2025
Ransomware34%
Banking Trojans22%
Info-stealers18%
Crypto-miners12%
Worms & Viruses8%
Others6%
  • Q1 2025 saw a record-breaking 2,063 ransomware victims, marking the highest number ever recorded in a single quarter.
  • 70 active threat groups were identified, representing a 56% increase year-over-year.
  • Akira ransomware was linked to 213 victims in Q1 2025, showing a massive 261% rise in activity compared to the same period last year.
  • 59% of all ransomware victims were based in the U.S., the highest regional concentration recorded to date.
  • A total of 12,333 vulnerabilities were reported in Q1 2025, with actively exploited flaws increasing by 75% and total vulnerabilities rising 41% year-over-year.
  • Cyberattacks on non-profits more than doubled (+106%), while incidents in the education sector rose by 16%, signaling a growing disregard for traditionally “off-limits” sectors.
  • As per Statista, in 2024, more than 6.5 billion malware attacks were recorded globally, marking an 8% increase compared to the previous year. Between 2020 and 2024, the volume of attacks has fluctuated between 5.4 billion and 6.54 billion, reflecting the persistent nature of malware threats.
  • The most severe year for malware activity in the past decade was 2018, which saw a staggering 10.5 billion attacks—a record high that underscores how intense the threat landscape can become.

Malware Attack Statistics

Here's a breakdown of the number of malware attacks worldwide since 2015:

YearNumber of Malware Attacks
20158.2 billion
20167.9 billion
20178.6 billion
201810.5 billion
20199.9 billion
20205.6 billion
20215.4 billion
20225.5 billion
20236.06 billion
20246.54 billion

Encrypted threats increased by 93% in 2024, indicating that malware attacks are growing more sophisticated.

Ransomware Statistics

Ransomware remains one of the most widespread and rapidly evolving cyber threats impacting both individuals and organizations across the globe. Each year, over 300 million ransomware attacks are reported worldwide.

In 2024, the threat intensified significantly:

  • Ransomware attacks rose by 8% in North America
  • Latin America (LATAM) experienced a staggering 259% surge in incidents

The financial impact is just as alarming. The average ransom payment now stands at $850,700. However, when factoring in downtime, operational disruption, and recovery expenses, the total cost of a ransomware incident averages $4.91 million.

Ransomware Statistics

Here's a look at the number of ransomware attacks per year since 2017:

YearNumber of Ransomware Attacks
2017186.3 million
2018206.4 million
2019187.91 million
2020304.64 million
2021623.25 million
2022493.33 million
2023317.59 million

North America leads in industrial ransomware attacks, accounting for the largest regional share at 43%. The data underscores the growing threat to critical infrastructure and manufacturing sectors across the globe.

Breakdown of Industrial Ransomware Attacks by Region:

  • North America – 43%
  • Europe – 30%
  • Asia – 16%
  • South America – 7%
  • Middle East & Africa – 4%

Sector-Wise Breakdowns

Healthcare

  • 89% of healthcare orgs had breaches in recent years; average breach cost: $10.93 million in 2023; trending slightly down to $9.77 million in 2024.
  • Over 300,000 medical IoT devices per 20M-population are vulnerable, with many hospitals lacking detection capabilities.

Finance & Insurance

  • Average breach cost: $5.85 million; detection and containment average: 233 days.
  • Business email compromise affects 70% of organizations, causing 25% of total incidents; 78% of financial and insurance companies saw ransomware incidents.

Manufacturing

  • Attacks rose 41% in H1 2024; accounted for 29% of global ransomware in Q2 2024.

Education

  • Education sector hit hardest in Q2 2024, with 90% of breaches from intrusion, social engineering, and errors.
  • In mid‑2023 alone, 2,000 attacks/week per institution; 36% due to credentials, 29% to vulnerabilities.

Boost DevSecOps Workflow with Automated Scans on Every Build Within Your CI/CD Pipeline Start Now

Conclusion: Adapt or Be Compromised

The cyber threat landscape in 2025 is no longer defined by individual hackers or isolated breaches. We are witnessing the rise of industrial-scale, AI-powered attack ecosystems capable of targeting thousands of organizations simultaneously.

This year’s statistics don’t just reflect an increase in attack volume—they point to a new paradigm in threat sophistication, automation, and scale. The rise in credential theft, ransomware-as-a-service, AI-enhanced phishing, and deepfake social engineering confirms that traditional security methods are no longer sufficient.

What can organizations do?

  • Implement zero-trust security models.
  • Invest in AI-driven threat detection tools.
  • Ensure workforce cybersecurity training.
  • Prepare for quantum-secure cryptography.

But with the right tools, resilience is possible—and this is where ZeroThreat steps in.

ZeroThreat’s AI-powered application security engine is built to face 2025’s threats head-on. It automates vulnerability discovery, minimizes false positives to near-zero, and delivers actionable insights, not noise. Whether you're dealing with credential-based attacks, RaaS operators, or sophisticated AI phishing, ZeroThreat's GPT-enhanced engine uncovers real vulnerabilities faster—without the manual overhead.

Ready to see how ZeroThreat can help?